Cyberdefense/DeepBlueCLI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
154 Commits 2 Branches 0 Tags
bc63790883ec2f71d303978ad00230b061f9a388
Commit Graph

14 Commits

Author SHA1 Message Date
Joshua Wright
612cde1cf3 Disable Metasploit psexec detect due to false-positive conflict with MS Exchange; revise alert for _Multiple admin logons for one account_ to show attempt count instead of unique event IDs 2019-05-06 14:34:31 -04:00
Joshua Wright
9a293b974e Add more Mimikatz detection, focusing on token::elevate as a non-admin user 2019-05-03 06:33:20 -04:00
Joshua Wright
f17d32491e Add password spray detection, sample evtx 2019-04-30 17:11:56 -04:00
Joshua Wright
6766ac618c Add Event ID 4673 Sensitive Privilege Use detection for Mimikatz 2019-04-30 14:38:43 -04:00
Joshua Wright
2fe7d13599 Add detector and event log to watch for Event Log Service stop/start as an indicator or event log tampering with eventlogedit 2019-04-28 14:23:23 -04:00
Eric Conrad
18ba3fc256 Delete Powershell-Invoke-Obfuscation-token-menu.evtx 2017-09-22 14:14:02 -04:00
Eric Conrad
7f90195d1d Added Invoke-Obfuscation sample evtx files 2017-08-30 15:49:46 -04:00
Eric Conrad
5a2f201331 Delete readme.md 2016-09-21 10:06:01 -04:00
Eric Conrad
821ca4c318 Add files via upload 2016-09-21 00:03:48 -04:00
Eric Conrad
d1d21c91a1 Delete metasploit-psexec-native-upload-target-system.evtx 2016-09-21 00:03:36 -04:00
Eric Conrad
c45dbc3655 Delete metasploit-psexec-native-upload-target-security.evtx 2016-09-21 00:03:26 -04:00
Eric Conrad
cdf59ab6b5 Add files via upload 2016-09-20 23:58:54 -04:00
Eric Conrad
9c6854a0b2 Add files via upload 2016-09-20 15:35:54 -04:00
Eric Conrad
9250e34d6c Create readme.md 2016-09-20 15:34:36 -04:00